I walked with a zombie.

In what the DOJ is calling “the first prosecution of its kind in the nation,” 26-year-old John Schiefer of Los Angeles pleaded guilty last Wednesday to using a “botnet” of hundreds of thousands of “zombie” computers to commit massive identity theft. At the April 16 plea hearing, the former computer security consultant, who went by the handle “Acidstorm,” admitted to gaining access to the computers and remotely controlling them through the Internet. Schiefer admitted to illegal wiretapping by installing code known as malware on the zombie computers, which allowed him to steal usernames, passwords, and PayPal account information. He also hacked into the PStore, a supposedly secure data repository for computers running Microsoft operating systems. And he admitted to defrauding a Dutch advertising company by promising to install the company’s programs only on computers whose owners had given consent, and then installing the programs on his botnet of zombie computers.

Los Angeles FBI Assistant Director Salvador Hernandez claims that the case should serve as a warning to would-be “cyber culprits” that the long arm of the law may be “only a few mouse clicks away.” As for Schiefer, he is reported to face up to 60 years in federal prison and $1.75 million in fines.

I have represented a number of young computer hackers, including an individual charged in the first, pre-World Wide Web prosecution of a computer crime under the illegal wiretapping theory used in the Schiefer case. I am always struck by how ambitious, smart, and creative these hackers are. While it is flat-out wrong to steal someone’s identity, I have found that with these types of cases in particular, an understanding sentencing approach can allow for true rehabilitation. I have thankfully been able to obtain very advantageous sentences for these clients. Indeed, all of the hackers I have represented have gone on to lead productive – and law-abiding – lives. Some hackers even get jobs as FBI consultants! CR